Merge remote-tracking branch 'gum/master'

author: tv <tv@krebsco.de> 2016-02-19 14:30:39 +0100
committer: tv <tv@krebsco.de> 2016-02-19 14:30:39 +0100
commit: cb258d399015cf8fe1439b21e6b1208d72101adc (patch)
tree: ef17d417419e5bb00487ec98e4c36e80485ede97 /makefu/2configs
parent: ffc47bf80d521635021b3f7a0122092708ebd2bf (diff)
parent: 74cfe87654638106f2d2a1a698814b41c2e904f2 (diff)
6 files changed, 59 insertions, 4 deletions
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 83018e9f8..3043a1af3 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -4,6 +4,13 @@ with config.krebs.lib;
 {
   system.stateVersion = "15.09";
 
+  system.replaceRuntimeDependencies = with pkgs.lib;
+        [{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++
+          [(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch";
+                            sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})];
+        });}
+        ];
+
   imports = [
     {
       users.extraUsers =
diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix
new file mode 100644
index 000000000..38fc4a243
--- /dev/null
+++ b/makefu/2configs/deployment/mycube.connector.one.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+# more than just nginx config but not enough to become a module
+with config.krebs.lib;
+let
+  hostname = config.krebs.build.host.name;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
+in {
+  services.redis.enable = true;
+  services.uwsgi = {
+    enable = true;
+    user = "nginx";
+    plugins = [ "python2" ];
+    instance = {
+      type = "emperor";
+      vassals = {
+        mycube-flask = {
+          type = "normal";
+          python2Packages = self: with self; [ pkgs.mycube-flask flask redis werkzeug jinja2 markupsafe itsdangerous ];
+          socket = wsgi-sock;
+        };
+      };
+    };
+  };
+
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      mybox-connector-one = {
+        listen = [ "${external-ip}:80" ];
+        server-names = [
+          "mycube.connector.one"
+          "mybox.connector.one"
+        ];
+        locations = singleton (nameValuePair "/" ''
+          uwsgi_pass unix://${wsgi-sock};
+          uwsgi_param         UWSGI_CHDIR     ${pkgs.mycube-flask}/${pkgs.python.sitePackages};
+          uwsgi_param         UWSGI_MODULE    mycube.websrv;
+          uwsgi_param         UWSGI_CALLABLE  app;
+
+          include ${pkgs.nginx}/conf/uwsgi_params;
+        '');
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index a488d98f2..15700e10d 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -57,7 +57,7 @@ let
 
 
   # TODO: get the list of all krebsministers
-  krebsminister = with config.krebs.users; [ lass tv uriel ];
+  krebsminister = with config.krebs.users; [ lass tv ];
   all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
   all-exco = with config.krebs.users; [ exco ];
 
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 892be07b8..d5ce34bd4 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -2,8 +2,7 @@
 
 with config.krebs.lib;
 {
-  # TODO: put this somewhere else
-  networking.wireless.enable = true;
+  networking.wireless.enable = lib.mkDefault true;
 
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index c3e43723c..452cdfb23 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -12,6 +12,9 @@ with config.krebs.lib;
     ./fetchWallpaper.nix
     ./zsh-user.nix
   ];
+
+  users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
+
   environment.systemPackages = with pkgs;[
     vlc
     firefox
diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix
index 044a14075..ac5e6b17b 100644
--- a/makefu/2configs/nginx/update.connector.one.nix
+++ b/makefu/2configs/nginx/update.connector.one.nix
@@ -8,7 +8,7 @@ in {
   krebs.nginx = {
     enable = mkDefault true;
     servers = {
-      omo-share = {
+      update-connector-one = {
         listen = [ "${external-ip}:80" ];
         server-names = [
           "update.connector.one"
author	tv <tv@krebsco.de>	2016-02-19 14:30:39 +0100
committer	tv <tv@krebsco.de>	2016-02-19 14:30:39 +0100
commit	cb258d399015cf8fe1439b21e6b1208d72101adc (patch)
tree	ef17d417419e5bb00487ec98e4c36e80485ede97 /makefu/2configs
parent	ffc47bf80d521635021b3f7a0122092708ebd2bf (diff)
parent	74cfe87654638106f2d2a1a698814b41c2e904f2 (diff)